Description

ISO/IEC 27005:2018 provides guidelines for information security risk management. Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of this standard.

This document supports the main concepts specified in ISO/IEC 27001 and is designed to assist with the implementation of information security based on a risk management approach.

This document applies to all types of organisations (e.g. commercial enterprises, government agencies, non-profit organisations) that intend to manage risks that can compromise their information security.